Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 5.5(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
Description
When the CLIENT_NO_SCHEMA client capability flag is set, GRANT commands remove the explicitly given database name and replace it to the current database.
Normally it can be reproduced when an ODBC DSN has the NO_SCHEMA=1 parameter, but it can also be reproduced using a command line with debugger.
How to reproduce with a debugger
Set a break point inside prepare_new_connection_state() in your debugger, e.g.:
(gdb) b prepare_new_connection_state
|
Continue the server execution in the debugger.
Start a new command line client as a super-user. When the execution reaches the breakpoint, add the CLIENT_NO_SCHEMA bit into thd->client_capabilities, e.g.:
(gdb) set thd->client_capabilities= thd->client_capabilities | CLIENT_NO_SCHEMA
|
and continue the execution.
Run the following script in the client:
USE mysql;
|
DROP TABLE IF EXISTS test.user;
|
CREATE TABLE test.user (a INT);
|
DROP USER IF EXISTS user1@localhost;
|
CREATE USER user1@localhost;
|
GRANT SELECT ON test.user TO user1@localhost;
|
SHOW GRANTS FOR user1@localhost;
|
The output is:
+-------------------------------------------------------+
|
| Grants for user1@localhost |
|
+-------------------------------------------------------+
|
| GRANT USAGE ON *.* TO 'user1'@'localhost' |
|
| GRANT SELECT ON `mysql`.`user` TO 'user1'@'localhost' |
|
+-------------------------------------------------------+
|
It looks wrong. The GRANT command was supposed to add the privilege on the table test.user, but it added the privilege on the table mysql.user instead, where mysql is the current database.
Attachments
Issue Links
- relates to
-
MDEV-21743 Split up SUPER privilege to smaller privileges
- Closed